Add simple Basic auth (#1203)

* Add simple Basic auth

To enable the basic authentication, one must set `server.auth.enabled`
to true.

The static string defined in `server.auth.secret` must be set in the
header `Authorization`.

The health check endpoint will always be accessible, no matter the API
auth configuration.

* Fix linting and type check

* Fighting with mypy being too restrictive

Had to disable mypy in the `auth` as we are not using the same signature
for the authenticated method.

mypy was complaining that the signatures of `authenticated` must be
identical, no matter in which logical branch we are.
Given that fastapi is accommodating itself of method signatures (it will
inject the dependencies in the method call), this warning of mypy is
actually preventing us from doing something legit.

mypy doc: https://mypy.readthedocs.io/en/stable/common_issues.html

* Write tests to verify that the simple auth is working
lopagela 2023-11-12 19:05:00 +01:00 committed by GitHub
parent b7647542f4
commit aa70d3d9f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 205 additions and 11 deletions
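
The check the commit message describes, written out as an added example that is not code from this commit or from the project. `AuthConfig`, `basic_header`, `is_authorized` and the `/health` path are assumptions made for illustration; the comparison is done in constant time and an enabled check with a blank secret fails closed.

```python
import base64
import hmac
from dataclasses import dataclass

# Assumption: the page only says the health check stays open, not its path.
HEALTH_PATH = "/health"


@dataclass(frozen=True)
class AuthConfig:
    """Hypothetical stand-in for the `server.auth` settings."""
    enabled: bool
    secret: str


def basic_header(user: str, password: str) -> str:
    """Build the whole `Authorization` value to store in `server.auth.secret`."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def is_authorized(path: str, headers: dict, cfg: AuthConfig) -> bool:
    """Return True if the request may proceed under the given settings."""
    # The health check is reachable whatever the auth configuration is.
    if path == HEALTH_PATH or not cfg.enabled:
        return True
    # Fail closed: with a blank secret, an empty header must not match.
    if not cfg.secret.strip():
        return False
    # HTTP header names are case-insensitive.
    supplied = next(
        (v for k, v in headers.items() if k.lower() == "authorization"), ""
    )
    # Compare as bytes in constant time so the response time does not
    # reveal how many leading characters of the secret were correct.
    return hmac.compare_digest(
        supplied.strip().encode("utf-8"), cfg.secret.encode("utf-8")
    )
```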


@ -15,7 +15,8 @@ class CorsSettings(BaseModel):
enabled: bool = Field(
description="Flag indicating if CORS headers are set or not."
"If set to True, the CORS headers will be set to allow all origins, methods and headers."
"If set to True, the CORS headers will be set to allow all origins, methods and headers.",
default=False,
)
allow_credentials: bool = Field(
description="Indicate that cookies should be supported for cross-origin requests",
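Review bot: in the `enabled` description of `CorsSettings`, the two adjacent string literals are concatenated without a separating space, so the resulting text reads "set or not.If set to True, ..."; end the first literal with a trailing space. Since the flag opens the API to all origins, methods and headers, `default=False` is the right default to state explicitly here.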
@ -41,6 +42,23 @@ class CorsSettings(BaseModel):
)
class AuthSettings(BaseModel):
"""Authentication configuration.
The implementation of the authentication strategy must
"""
enabled: bool = Field(
description="Flag indicating if authentication is enabled or not.",
default=False,
)
secret: str = Field(
description="The secret to be used for authentication. "
"It can be any non-blank string. For HTTP basic authentication, "
"this value should be the whole 'Authorization' header that is expected"
)
class ServerSettings(BaseModel):
env_name: str = Field(
description="Name of the environment (prod, staging, local...)"
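Review bot: `secret` in `AuthSettings` is documented as "any non-blank string" but is declared as a plain `str` with no validation, so the model accepts an empty or whitespace-only value; add a validator that rejects blank secrets when `enabled` is true. Because the field holds the credential itself, typing it as pydantic's `SecretStr` would keep it out of reprs and dumped settings. The class docstring also stops mid-sentence ("The implementation of the authentication strategy must") and should be completed or removed.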
@ -49,6 +67,10 @@ class ServerSettings(BaseModel):
cors: CorsSettings = Field(
description="CORS configuration", default=CorsSettings(enabled=False)
)
auth: AuthSettings = Field(
description="Authentication configuration",
default_factory=lambda: AuthSettings(enabled=False, secret="secret-key"),
)
class DataSettings(BaseModel):
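Review bot: the `default_factory` for `auth` in `ServerSettings` supplies a fixed `secret="secret-key"`, so a deployment that only sets `server.auth.enabled` to true is protected by a value that is published in the source. Consider giving `secret` no default and failing at startup when auth is enabled without a configured secret.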